A knowledge management approach to administering information security policies, controls and standards
Current Threat: The Archer Policy Management solution brings a knowledge management approach to administering information security policies, controls and standards, and ensures that policies remain relevant to new and existing regulatory requirements. Archer Policy Management empowers customers (including 35/40 top financial services companies, 7 top telecoms, Fortune 1000s and government agencies) to define, deploy and administer effective security policies and controls, demonstrate compliance to regulations, track exceptions and manage control assessments. Archer’s robust architecture incorporates key components, such as integrated workflow, advanced searching and built-in web portal, that greatly reduce the effort and complexity of creating, implementing and communicating policies enterprise wide.
Tomorrow's Technology Today: Archer Policy Management is the only solution that offers deep integration with enterprise risk and compliance processes such as Archer Risk, Asset, Vendor and Incident management initiatives. This provides enterprises with the most comprehensive view of how policies affect all aspects of an organization.
The Archer Policy Management solution:
Enables customers to easily tailor their policy solution to their specific needs through an easy-to-use GUI , for the management of policy structure, naming conventions and content.
Provides comprehensive Policy Exception Management through authorized workflow, real-time access to exception requests, status and expirations to demonstrate corporate control and regulatory compliance
Ensures Audit Readiness; rated #1 in-plan vendor for compliance reporting in recent Fortune 1000 survey by The InfoPro
Enables Training and Awareness through the preparation, scheduling and administration of online security awareness campaigns, generation of compliance quizzes that test users’ comprehension and acceptance of policies
Archer empowers organizations to create corporate and IT policies, standards and procedures; distribute them online; educate and train employees; and track compliance, exceptions and violations. By facilitating the design, communication and management of security policies and compliance processes through an enterprise portal where users can access corporate security policies, it automatically maps to industry references and links technical configuration procedures (e.g., Windows 2000 Server) to the policies they support. With Policy Management, organizations can better ensure compliance with federal and corporate regulations.
With Archer’s out-of-the-box Policy Management solution, organizations get over 11 information security references, and more than 1100 sub-references, including security standards (e.g. ISO 17799, ISF, PCI), legislative acts (e.g. FFIEC Booklet, HIPAA, 21 CFR11) and the ability to add additional references (e.g. ITIL, CA-1386). Archer’s solution also includes 592 best practice control standards which support high-level policies, provide guidance on compliance and link to related industry references.
With Policy Management, organizations can write new policies and integrate existing policies within the dashboard, as well as link related policies through the import wizard. The ability to attach files, such as flowcharts, images, etc., allows organizations to provide detailed policy information for employees in one quick and easy to use dashboard. Through this automation of the policy management process, organizations can not only easily distribute policies, but also educate and train employees and track compliance, exceptions and violations to each company policy.
Policy Management allows policy managers to automatically notify employees of new or modified policies and aids in compliance by tracking users who have read and accepted specific them. Archer’s user friendly dashboard arranges policies in an easy to understand tree format, while allowing users to quickly search and filter by job or related function. Through these capabilities, Archer delivers a cost effective policy management solution that improves the efficiency and flexibility of an organization’s policy control.
Archer Technologies Overview
While Archer’s solutions can be deployed independently to address specific business requirements, implementing them together forms a powerful, cohesive system. These solutions address seven core processes involved with enterprise risk and compliance management:
Sarbanes-Oxley Compliance Management
Archer empowers organizations to automate and manage these processes through a set of comprehensive, integrated solutions. Out of the box, these solutions enable clients to take a best-practice approach to enterprise risk and compliance management (ERCM). Through the Archer ERCM solution set, organizations gain a central repository of risk and compliance management functions, such as policies, control documentation, assessments, risk findings and actionable, ad-hoc reporting.
But Archer recognizes that one size doesn’t fit all. Organizations have unique processes for risk and compliance management, and retrofitting processes to a rigid solution structure is not a viable option. To address the needs for customization, Archer, a Microsoft Gold Partner, delivers out-of-the-box solutions built on the BITS-certified Archer SmartSuite Framework that can be easily tailored to meet specific risk and compliance requirements. Business users with no prior knowledge of database systems or programming languages can simply point and click to tailor Archer solutions or to automate additional processes for information storage and sharing.
Tailoring Archer Solutions
The Archer SmartSuite Framework is the core of Archer’s market-leading solutions, including Policy, Threat, Asset, Risk, Incident, Vendor and Sarbanes-Oxley Compliance Management. Solution customization can be accomplished via Archer’s easy-to-use web interface and does not require a programmer or technical resource. The Archer SmartSuite Framework provides wizards and intuitive administrative pages that enable clients to model and automate their unique business processes.
Creating New Solutions
The types of applications clients can build with the Archer SmartSuite Framework are limited only by their imagination. Any manual business process that involves storing, managing and maintaining information can be automated through this flexible Framework, including:
Internal employee surveys
Physical security incident tracking
Data classification management
Firewall change request tracking
Trouble ticketing systems
Test plan management
And much more
The end result of employing the comprehensive Archer ERCM solution set to manage and automate risk and compliance processes is a foundation for total IT governance.
Conclusion: Through Archer, an organization can gain a global view of their policy compliance landscape by utilizing a dashboard with high-level overviews and the capabilities to drill-down for more in depth analyses to make informed decisions that ensure the organization is staying within regulation and control boundaries.
13200 Metcalf , Suite 300
Overland Park, KS 66213 USA